Real-world testing is taking cyber certification to the next level, ensuring that information security managers hire Red Team and Blue Team practitioners who have the necessary skills and knowledge to help strengthen organizations' security posture.
Hands-on, real-world, scenario-based testing must be a critical component of cyber security certifications given the current threat environment in which major cyberattacks and data breaches continue to impact organizations of all sizes and sectors.
The number of data breaches spiked dramatically in the first half of 2019 compared to previous years, according to a report from vulnerability intelligence company RiskBased Security; the company's analysis found that breach numbers for the first six months of 2019 grew by 54% compared to the same period last year, while the number of exposed records grew 52% - 3,813 breaches were reported through June 30, with 4.1 billion records exposed.
GIAC, providing the highest standard in cyber security certification for more than two decades, launched CyberLive - hands-on, real-world-testing - to fill the gaps in the market. GIAC currently features CyberLive in five certifications - GXPN, GCIA, GCIH, GPEN, and GCFA - and will be adding more in the near future. The first five certifications focus on exploit researching, penetration testing, intrusion analysis, incident handling, and forensic analysis - skills that are in high demand as attacks become more targeted, damaging, and elusive.
Candidates taking cyber security certification exams with a CyberLive component interact with actual programs, actual code, live virtual-machines, and actual networks presented in an environment in which they must prove their knowledge, understanding, and abilities in their specific skill category.
"Increasingly, the hands-on portion is important to measure the abilities of cyber professionals," says Ben Boyle, a cyber security professional with GXPN, GDAT, and GWAPT certifications.
Working as a Team for One Objective
Blue Teams must be aware of the same malicious tactics, techniques, and procedures as Red Teams in order to build strategic responses to them. Whether or not a cyber security professional is on a Red Team, using offensive skills to discover security vulnerabilities to exploit, or a Blue Team, using defensive skills to detect and respond to attacks, the ultimate objective is the same: strengthening an organization's cyber defense. As a result, the techniques of Red Teams and Blue Teams are interwoven into cyber security certification programs and exams, such as GIAC's Certified Intrusion Analyst (GCIA).
Knowing how things are attacked and what attack vectors are used really helps security operations teams understand how to defend their organizations. GIAC Certified Intrusion Analysts (GCIAs) have the knowledge, skills, and abilities to configure and monitor intrusion detection systems, as well as to read, interpret, and analyze network traffic and related log files. The candidates demonstrate competence in analyzing data from multiple sources as part of a forensic investigation. The candidates also demonstrate understanding of IDS tuning methods and correlation issues, as well as the ability to analyze network and application traffic to identify both normal and malicious behaviors.
"The person who passes the GCIA knows, and knows that others know, that they literally have some actual skill at parsing packets, or running Snort against a pcap, or analyzing a stream with Zeek," says Tommy Adams, a GIAC engineer and developer of CyberLive.
Organizations are struggling with hiring and retaining cyber security professionals who have the skills and knowledge to defend against increasingly sophisticated attacks and attempts to penetrate networks. Hands-on, real-world practical testing helps hiring managers verify the skillsets of their cyber teams and determine the abilities of prospective employees. To retain their cyber security workforce and continue to grow their team, managers might consider the benefit of sending employees to take certification training and exams, such as certifications for incident handling and intrusion detection.
GIAC continues to raise the bar for cyber security certification with CyberLive, going beyond theory by testing the practical application of cyber defenses through exploit researching, incident handling, intrusion analysis, and penetration testing.